Principal Product Security Engineer

Medtronic

Product
Hyderabad, Telangana, India · Nanakaramguda, Telangana2, India
Posted on May 22, 2025

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the Life

As a Principal Product Security Engineer at Medtronic, you will play a pivotal role in safeguarding our medical devices and healthcare solutions. You will be a key member of the Product Security team, responsible for ensuring the security and privacy of our products. Your expertise will guide us in delivering safe and secure healthcare solutions that meet the highest standards.

Responsibilities may include the following, and other duties may be assigned:

  • Lead Security Initiatives: Take the helm in driving security initiatives for our connected enterprise products, embedded systems, and applications.
  • Hardware Security Leadership: Lead the development and implementation of hardware security frameworks, processes, and standards for medical devices. Device interfaces: WiFi, BLE, RF, USB, JTAG, CAN Bus, UART.
  • Hardware Penetration Testing: Perform penetration testing on hardware components using specialized tools and techniques to identify potential vulnerabilities. Utilize hardware debugging, fault injection, side-channel analysis, and reverse engineering techniques for security testing.
  • Security Threat Analysis & Risk Assessment: Conduct comprehensive security threat modeling and risk assessments for hardware components, including embedded systems, PCB designs, and physical interfaces. Identify and mitigate vulnerabilities through in-depth analysis of hardware architecture and component design.
  • Security Features Development: Collaborate with product development teams to design and integrate security features into hardware, such as secure boot, encrypted storage, and tamper detection mechanisms. Ensure compliance with medical device security standards such as FDA cybersecurity guidelines, IEC 60601, and ISO 27001.
  • Vulnerability Management & Incident Response: Lead efforts to address vulnerabilities identified in hardware components.
  • Regulatory Compliance & Certification: Support security compliance initiatives for hardware-related regulatory requirements.
  • Continuous Improvement & Industry Awareness: Stay updated on emerging threats, attack techniques, and security technologies specific to hardware. Propose and implement continuous improvements to hardware security strategies and tools.
  • Engage with external security auditors for independent reviews of hardware security measures.
  • Guidelines Compliance: Collaborate with product teams to ensure adherence to harmonized penetration testing guidelines for all products.
  • KPI Reporting: Generate and report Key Performance Indicators (KPIs) related to penetration testing results at enterprise, Operating Unit (OU), and product levels.
  • Lab Collaboration: Work closely with lab support and tools support teams to optimize security practices.
  • Tool Management: Install and configure penetration testing tools when required to enhance security.
  • Reporting and Knowledge Sharing: Proactively create, share, and review reports as part of penetration testing activities. Identify and propose new penetration testing methodologies.
  • Secure Development Lifecycle: Promote a culture of security within the organization by integrating security into the product development lifecycle. Conduct code reviews and work closely with developers to ensure secure coding practices.
  • Secure Configuration: Oversee the configuration of our products, ensuring that default settings are changed, unnecessary services are disabled, and security patches and updates are applied promptly.
  • Access Control: Implement and manage access control mechanisms to restrict unauthorized access to sensitive resources and functions within our products.
  • Data Encryption: Ensure that data is encrypted both in transit and at rest to protect it from unauthorized access or interception.
  • Authentication and Authorization: Implement and maintain strong authentication and authorization mechanisms, including multi-factor authentication (MFA) where necessary.
  • Logging and Monitoring: Establish robust logging and monitoring systems to detect and respond to security incidents in real-time. Implement intrusion detection systems and analyze logs for anomalies.
  • User Education: Provide training and guidance to users and customers on secure product usage, password management, and the reporting of security issues.
  • Third-party Assessment: Conduct security assessments of third-party components or services used in our products to ensure they meet our security standards.

Required Knowledge and Experience

  • Education: BE/BTech in Computer Science or a related field, or equivalent demonstrated experience and knowledge.
  • A total of 10 years of technical experience working with cybersecurity architecture, product security engineering, or a related role.
  • Teamwork: Demonstrated skill working as part of a team, collaborating, and supporting peers in a fast-paced environment.
  • Project Management: Project management experience for full security system lifecycles and security tool upgrades, including business case development.
  • Motivation: Self-motivated with the drive to solve challenging problems and motivate others to higher levels of performance and engagement.
  • Continuous Learning: A strong desire and aptitude for continuous learning and staying updated on new and emerging technologies.
  • Proficiency in security testing tools.
  • Strong knowledge of security best practices, standards, and regulations in medical devices.
  • Hands-on experience with secure coding practices and code reviews.
  • Familiarity with encryption, authentication, access control, and incident response.
  • Excellent communication skills and the ability to collaborate with cross-functional teams.
  • Security certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are a plus.

Physical Job Requirements

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.

Benefits & Compensation

Medtronic offers a competitive salary and flexible benefits package.
A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.

About Medtronic

We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 95,000+ passionate people.
We are engineers at heart — putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.